7760 matches found
DSA-574-1 cabextract - missing directory sanitising
Bulletin has no description...
DSA-573-1 cupsys - integer overflows
Bulletin has no description...
[SECURITY] [DSA 561-1] New libxpm packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 561-1 [email protected] http://www.debian.org/security/ Martin Schulze October 11th, 2004 http://www.debian.org/security/faq -...
DSA-559-1 net-acct - insecure temporary file
Bulletin has no description...
Debian DSA-150-1 : interchange - illegal file exposition
A problem has been discovered in Interchange, an e-commerce and general HTTP database display system, which can lead to an attacker being able to read any file to which the user of the Interchange daemon has sufficient permissions, when Interchange runs in 'INET mode' internet domain socket. This...
Debian DSA-146-2 : dietlibc - integer overflow
An integer overflow bug has been discovered in the RPC library used by dietlibc, a libc optimized for small size, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The packages below also fix integer overflows ...
Debian DSA-202-1 : im - insecure temporary files
Tatsuya Kinoshita discovered that IM, which contains interface commands and Perl libraries for E-mail and NetNews, creates temporary files insecurely. - The impwagent program creates a temporary directory in an insecure manner in /tmp using predictable directory names without checking the return...
Debian DSA-130-1 : ethereal - remotely triggered memory allocation error
Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in the ASN.1 parser. This can be triggered when analyzing traffic using the SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This vulnerability was announced in the ethereal security advisory enpa-sa-00003. This issue has...
Debian DSA-517-1 : cvs - buffer overflow
Derek Robert Price discovered a potential buffer overflow vulnerability in the CVS server, based on a malformed Entry, which serves the popular Concurrent Versions System. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...
Debian DSA-155-1 : kdelibs - privacy escalation with Konqueror
Due to a security engineering oversight, the SSL library from KDE, which Konqueror uses, doesn't check whether an intermediate certificate for a connection is signed by the certificate authority as safe for the purpose, but accepts it when it is signed. This makes it possible for anyone with a...
Debian DSA-194-1 : masqmail - buffer overflows
A set of buffer overflows have been discovered in masqmail, a mail transport agent for hosts without permanent internet connection. In addition to this privileges were dropped only after reading a user-supplied configuration file. Together this could be exploited to gain unauthorized root access ...
Debian DSA-163-1 : mhonarc - XSS
Jason Molenda and Hiromitsu Takagi foundways to exploit cross site scripting bugs in mhonarc, a mail to HTML converter. When processing maliciously crafted mails of type text/html mhonarc does not deactivate all scripting parts properly. This is fixed in upstream version 2.5.3. If you are worried...
Debian DSA-249-1 : w3mmee - missing HTML quoting
Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user to send their local cookies...
DSA-553-1 getmail - symlink vulnerability
Bulletin has no description...
[SECURITY] [DSA 546-1] New gdk-pixbuf packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 546-1 [email protected] http://www.debian.org/security/ Martin Schulze September 16th, 2004 http://www.debian.org/security/faq -...
Heimdal: ftpd root escalation
Background Heimdal is an implementation of Kerberos 5. Description Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code. Additionally, a potential vulnerability that could lead to Denial of Service by the Key Distribution...
GLSA-200409-19 : Heimdal: ftpd root escalation
The remote host is affected by the vulnerability described in GLSA-200409-19 Heimdal: ftpd root escalation Przemyslaw Frasunek discovered several flaws in lukemftpd, which also apply to Heimdal ftpd's out-of-band signal handling code. Additionally, a potential vulnerability that could lead to...
CVE-2004-0642
Double free vulnerabilities in the error handling code for ASN.1 decoders in the 1 Key Distribution Center KDC library and 2 client library for MIT Kerberos 5 krb5 1.3.4 and earlier may allow remote attackers to execute arbitrary code...
CVE-2004-0642
MIT Kerberos 5 (krb5) is affected by CVE-2004-0642 due to double-free vulnerabilities in the ASN.1 decoder error handling for both the KDC library and the krb5 client library (versions 1.3.4 and earlier). The issue can allow remote attackers to execute arbitrary code, potentially compromising the...
MIT krb5: Multiple vulnerabilities
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The implementation of the Key Distribution Center KDC and the MIT krb5 library contain double-free vulnerabilities, making client programs as we...